原因
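需要把SQL关键字(例如asc、desc)拼接进SQL语句时(也就是这里所说的"需要SQL注入"的场景),我们必须使用Statement,因为PreparedStatement的占位符只能绑定值,不能绑定关键字。拼接之前应先用白名单校验输入,只允许固定的几个关键字,否则用户输入的任意内容都会被当作SQL执行,造成SQL注入漏洞。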
class Statement
import javax.swing.plaf.nimbus.State;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;
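/**
 * Console demo that prints every {@code uname} from the {@code usermessage} table,
 * sorted in the direction the user types (asc or desc).
 *
 * <p>The sort direction is an SQL keyword, so it cannot be supplied through a
 * {@code PreparedStatement} placeholder and has to be concatenated into the query
 * text. To keep that concatenation safe, the console input is only compared against
 * an allow-list and the keyword that reaches the query is a constant defined here;
 * the user's text itself is never placed in the SQL string.
 */
public class Statement {

    /**
     * Reads the sort direction from the console, runs the ordered query and prints
     * the {@code uname} column of each row.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // The user types desc for descending order or asc for ascending order.
        // The Scanner is deliberately not closed: closing it would close System.in.
        Scanner scanner = new Scanner(System.in);
        System.out.println("请输入asc或者desc:asc表示升序,desc表示降序");
        System.out.print("请输入:");
        String keyWords = scanner.next();

        // Allow-list check: anything other than asc/desc is rejected before a
        // connection is opened, so arbitrary input cannot become part of the query.
        final String direction;
        if ("asc".equalsIgnoreCase(keyWords)) {
            direction = "ASC";
        } else if ("desc".equalsIgnoreCase(keyWords)) {
            direction = "DESC";
        } else {
            System.out.println("输入无效:只能输入asc或者desc");
            return;
        }

        // Only the constant chosen above is concatenated, never keyWords.
        String sql = "select * from usermessage order by uname " + direction;

        try {
            // Step 1: register the driver.
            Class.forName("com.mysql.jdbc.Driver");

            // NOTE(review): the root account and a literal password are hard-coded
            // here; outside a local demo, load credentials from configuration and
            // connect with a least-privilege database account.
            // Steps 2-4: open the connection, create the statement, run the query.
            // Step 6 (releasing resources) is handled by try-with-resources, which
            // closes the result set, statement and connection in reverse order.
            try (Connection connection = DriverManager.getConnection(
                         "jdbc:mysql://127.0.0.1:3306/mobilemallsystem", "root", "123456");
                 java.sql.Statement statement = connection.createStatement();
                 ResultSet resultSet = statement.executeQuery(sql)) {
                // Step 5: process the result set.
                while (resultSet.next()) {
                    System.out.println(resultSet.getString("uname"));
                }
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }
    }
}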